PowerShell Scripting to Replicate LDAP Objects to MySQL



Write a simple PowerShell script to replicate LDAP objects to a MySQL database.

The CData Cmdlets for LDAP offer live access to LDAP objects from within PowerShell. Using PowerShell scripts, you can easily automate regular tasks like data replication. This article will walk through using the CData Cmdlets for LDAP and the CData Cmdlets for MySQL in PowerShell to replicate LDAP objects to a MySQL database.

After obtaining the needed connection properties, accessing LDAP objects in PowerShell and preparing for replication consists of four basic steps.

To establish a connection, the following properties under the Authentication section must be provided:

  • Valid User and Password credentials (e.g., Domain\BobF or cn=Bob F,ou=Employees,dc=Domain).
  • Server information, including the IP or host name of the Server, as well as the Port.
  • BaseDN: This limits the scope of LDAP searches to the subtree at and below the distinguished name provided.

    Note: Specifying a narrow BaseDN may greatly increase performance; for example, cn=users,dc=domain will only return results contained within cn=users and its children.

Collecting LDAP Objects

  1. Install the module:

    Install-Module LDAPCmdlets
  2. Connect to LDAP:

    $ldap = Connect-LDAP -User $User -Password $Password -Server $Server -Port $Port
  3. Retrieve the data from a specific resource:

    $data = Select-LDAP -Connection $ldap -Table "User"

    You can also use the Invoke-LDAP cmdlet to execute pure SQL-92 statements:

    $data = Invoke-LDAP -Connection $ldap -Query 'SELECT * FROM User WHERE CN = @CN' -Params @{'@CN'='Administrator'}
  4. Save a list of the column names from the returned data.

    $columns = ($data | Get-Member -MemberType NoteProperty | Select-Object -Property Name).Name

Inserting LDAP Objects into the MySQL Database

With the data and column names collected, you are ready to replicate the data into a MySQL database.

  1. Install the module:

    Install-Module MySQLCmdlets
  2. Connect to MySQL, using the server address and port of the MySQL server, valid user credentials, and a specific database with the table in which the data will be replicated:

    $mysql = Connect-MySQL -User $User -Password $Password -Database $Database -Server $Server -Port $Port
  3. Loop through the LDAP objects, store the values, and use the Add-MySQL cmdlet to insert the data into the MySQL database, one row at a time. In this example, the table will need to have the same name as the LDAP resource (User) and to exist in the database.

    $data | % {
      $row = $_
      $values = @()
      $columns | % {
        $col = $_
        $values += $row.$($col)
      }
      Add-MySQL -Connection $mysql -Table "User" -Columns $columns -Values $values
    }

You have now replicated your LDAP objects to a MySQL database. This gives you freedom to work with LDAP objects in the same way that you work with other MySQL tables, whether that is performing analytics, building reports, or other business functions.

Notes

  • Once you have connected to LDAP and MySQL in PowerShell, you can pipe command results to perform the replication in a single line:

    Select-LDAP -Connection $ldap -Table "User" | % { $row = $_; $values = @(); $columns | % { $col = $_; $values += $row.$($col) }; Add-MySQL -Connection $mysql -Table "User" -Columns $columns -Values $values }
  • If you wish to replicate the LDAP objects to another database using another PowerShell module, you will want to exclude the Columns, Connection, and Table columns from the data returned by the Select-LDAP cmdlet since those columns are used to help pipe data from one CData cmdlet to another:

    $columns = ($data | Get-Member -MemberType NoteProperty | Select-Object -Property Name).Name | ? {$_ -NotIn @('Columns','Connection','Table')}
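
The column filter above removes three named columns; the following added example (not CData's code) inverts it into an allowlist, so that only the directory attributes you name are copied to MySQL and credential-bearing or piping columns never leave the directory. The function name Get-ReplicationRow, the column names other than CN, and the sample objects are assumptions constructed for illustration.

```powershell
# Added example. Get-ReplicationRow, $allowed and the sample rows are hypothetical;
# Add-MySQL is used exactly as in the article.

# Columns permitted to reach MySQL. CN appears in the article; Mail and Department
# are assumed names and must match what your User table actually returns.
$allowed = @('CN', 'Mail', 'Department')

function Get-ReplicationRow {
    param(
        [Parameter(Mandatory)] [psobject] $Row,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    # Lists keep columns and values aligned even when a value is $null or
    # multi-valued (a pipeline would drop or unroll those).
    $cols = [System.Collections.Generic.List[string]]::new()
    $vals = [System.Collections.Generic.List[object]]::new()
    foreach ($name in $Allowed) {
        $prop = $Row.PSObject.Properties[$name]   # $null when the column is absent
        if ($null -ne $prop) {
            $cols.Add($name)
            $vals.Add($prop.Value)
        }
    }
    [pscustomobject]@{ Columns = $cols.ToArray(); Values = $vals.ToArray() }
}

# Constructed sample rows standing in for Select-LDAP output, including a
# password-hash column (assumed name) and the piping columns the article mentions.
if (-not $data) {
    $data = @(
        [pscustomobject]@{ CN = 'Bob F'; Mail = 'bobf@example.com'; Department = 'Sales'
                           UserPassword = '{SSHA}constructed'; Columns = 'x'; Connection = 'x'; Table = 'User' }
        [pscustomobject]@{ CN = 'Administrator'; Mail = $null; Department = 'IT'
                           UserPassword = '{SSHA}constructed'; Columns = 'x'; Connection = 'x'; Table = 'User' }
    )
}

foreach ($row in $data) {
    $r = Get-ReplicationRow -Row $row -Allowed $allowed
    if ($mysql) {
        # Live run: $mysql comes from Connect-MySQL as shown earlier.
        Add-MySQL -Connection $mysql -Table "User" -Columns $r.Columns -Values $r.Values
    } else {
        # Dry run: show what would be inserted.
        '{0} -> {1}' -f ($r.Columns -join ','), ($r.Values -join ',')
    }
}
```

Run without a `$mysql` connection, the script prints the filtered rows, which is a quick way to review what will be replicated before any insert takes place.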